CORE-33: Hooked OpenSSL context service into app #17214
Conversation
|
/dt |
1 similar comment
|
/dt |
|
new failures in https://buildkite.com/redpanda/redpanda/builds/46513#018e5d9a-e4be-4aa4-bb38-e37205dd29bf: |
michael-redpanda
force-pushed
the
CORE-33-Hook-OSSL-Service-To-App
branch
from
8608feb
to
abf6e36
Compare
|
/dt |
|
ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46537#018e5f26-74e2-4635-8ed0-a48d4ddc3b39 ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46537#018e5f26-74de-4147-81d9-bdca73793b86 ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46537#018e5f39-137f-46c7-877e-5c1e4ee22085 ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46621#018e66ee-b709-4380-b661-ac9f4b292a8a ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46637#018e6802-5965-4761-a07c-25994c2e1d2d ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46668#018e6c91-cd38-4ce9-bdc6-ae071a0f1e0c ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46668#018e6c91-cd31-4901-80a3-92b1ab498076 |
michael-redpanda
force-pushed
the
CORE-33-Hook-OSSL-Service-To-App
branch
from
abf6e36
to
e346eb8
Compare
|
/dt |
michael-redpanda
force-pushed
the
CORE-33-Hook-OSSL-Service-To-App
branch
from
e346eb8
to
769fb45
Compare
|
/dt |
Cluster fixture tests appear to start multiple Redpanda instances on the same thread. This was resulting in an assertion during service shutdown because the replaced context was not the expected one (it was replaced by startup of the service on the same thread). A new environment variable has been added to the CTest environment when running a fixture test. The short circuit now detects if the global default context is the current context and if it is not, will exit the start up of the service if the environment is an RP fixture environment, as denoted by the added environmental variable. Signed-off-by: Michael Boquard <michael@redpanda.com>
Construction and start of service is very early in application startup to ensure that any services that require crypto are using the appropriate thread local library context and that the contexts have been initialized appropriately. Signed-off-by: Michael Boquard <michael@redpanda.com>
michael-redpanda
force-pushed
the
CORE-33-Hook-OSSL-Service-To-App
branch
from
769fb45
to
9018835
Compare
|
/dt |
|
/dt |
michael-redpanda
changed the title
| if (in_rp_fixture_test()) { | ||
| lg.warn( | ||
| "Detected RP Fixture test, not initializing OSSL Context service"); | ||
| return ss::make_ready_future(); | ||
| } else { | ||
| return _impl->start(); | ||
| } | ||
| } |
There was a problem hiding this comment.
question: Does this mean that the default context is used in fixture tests? What's the implication of that? What are we not testing, are we sure it's limited to not blocking the reactor during I/O?
There was a problem hiding this comment.
Does this mean that the default context is used in fixture tests?
yes
What's the implication of that? What are we not testing, are we sure it's limited to not blocking the reactor during I/O?
We wouldn't be able to run OpenSSL in FIPS mode in fixture tests, however CDT tests and unit tests will be able to. I believe I/O, if there is any, will be limited to initialization of the OpenSSL library which would only happen once at the start of the testing application and not in between the different test cases.
Construction and start of service is very early in application startup to ensure that any services that require crypto are using the appropriate thread local library context and that the contexts have been initialized appropriately.
Fixes: https://github.com/redpanda-data/core-internal/issues/1191
Backports Required
Release Notes